22 lines
892 B
Plaintext
22 lines
892 B
Plaintext
According to the SAP documentation :
|
|
|
|
|
|
____
|
|
This statement starts the ABAP editor for the source text of the program specified in prog. prog has to be a character-type data object, which contains the name of a program in capital letters that exists in the Repository. Otherwise you will get a corresponding status message.
|
|
|
|
|
|
After starting the ABAP editor, it provides the full functionality, as if called from the ABAP-Workbench. You can navigate forward to branch to other tools. After returning from the ABAP-editor, the current program continues after the statement EDITOR-CALL.
|
|
|
|
____
|
|
|
|
But this statement bypasses the authority checks that are performed when calling the ABAP editor via transaction code. Therefore the use of EDITOR-CALL FOR REPORT is a security vulnerability.
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
[source,text]
|
|
----
|
|
EDITOR-CALL FOR REPORT 'MY_SAP_REPORT' DISPLAY-MODE.
|
|
----
|
|
|